@aarmos/cli 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.js +74 -0
  2. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -55,6 +55,62 @@ var GITIGNORE_TEMPLATE = `# Aarmos local state
55
55
  .aarmos/keys/
56
56
  .aarmos/avar/
57
57
  `;
58
+ var TEMPLATES = {
59
+ hello: {
60
+ description: "Minimal \u2014 policy + a single echo playbook. Great first run.",
61
+ files: {
62
+ "playbooks/hello.md": '# hello\n\nOne-step playbook. Ask the agent to echo a greeting.\n\n## steps\n\n1. Say: "hello from aarmos"\n',
63
+ "policy.aarmos.toml": `# hello template \u2014 deny-by-default, no external tools.
64
+ [defaults]
65
+ gates.destructive = "deny"
66
+ rate.per_minute = 30
67
+ `
68
+ }
69
+ },
70
+ mcp: {
71
+ description: "MCP starter \u2014 one MCP adapter wired with a read-only scope.",
72
+ files: {
73
+ "policy.aarmos.toml": `# mcp template \u2014 one MCP adapter, read-only scope.
74
+ [defaults]
75
+ gates.destructive = "confirm"
76
+ rate.per_minute = 60
77
+
78
+ [[adapters.mcp]]
79
+ name = "example"
80
+ url = "https://mcp.example.com/server"
81
+ scopes = ["read:*"]
82
+ `,
83
+ "playbooks/mcp-probe.md": "# mcp-probe\n\nList tools exposed by the configured MCP server and print their schemas. Read-only.\n"
84
+ }
85
+ },
86
+ policy: {
87
+ description: "ASP starter \u2014 YAML policy-as-code with a golden test.",
88
+ files: {
89
+ "asp.yaml": `# ASP \u2014 Agent Security Policy (draft)
90
+ version: asp/1
91
+ defaults:
92
+ gates:
93
+ destructive: confirm
94
+ rate:
95
+ per_minute: 60
96
+ rules:
97
+ - id: deny-shell
98
+ when:
99
+ tool: "shell.*"
100
+ decision: deny
101
+ reason: "Shell tools are not permitted in this workspace."
102
+ `,
103
+ "policies/tests/deny-shell.yaml": `# golden test \u2014 shell.* must be denied
104
+ input:
105
+ tool: shell.exec
106
+ args: { cmd: "ls" }
107
+ expect:
108
+ decision: deny
109
+ source: workspace-policy
110
+ `
111
+ }
112
+ }
113
+ };
58
114
  var IMPORT_ALLOWLIST = [
59
115
  "policy.aarmos.toml",
60
116
  "avar.config.json",
@@ -66,6 +122,9 @@ var IMPORT_ALLOWLIST = [
66
122
  ];
67
123
  function initCommand() {
68
124
  return new Command("init").description("Scaffold policy.aarmos.toml, avar.config.json, and local signing key").option("--force", "Overwrite existing files", false).option(
125
+ "--template <name>",
126
+ `Embedded starter template: ${Object.keys(TEMPLATES).join(" | ")}. Writes template files before defaults; existing files are preserved unless --force.`
127
+ ).option(
69
128
  "--from <repo>",
70
129
  "Seed policies/playbooks from a GitHub repo (owner/repo[#ref][/subdir]) or tarball URL. Only Aarmos config files are copied; source code and keys are never imported."
71
130
  ).action(async (opts) => {
@@ -74,6 +133,21 @@ function initCommand() {
74
133
  const chainDir = join(cwd, ".aarmos", "avar");
75
134
  mkdirSync(keyDir, { recursive: true });
76
135
  mkdirSync(chainDir, { recursive: true });
136
+ if (opts.template) {
137
+ const name = opts.template;
138
+ const tpl = TEMPLATES[name];
139
+ if (!tpl) {
140
+ console.error(
141
+ `\u2717 unknown template "${opts.template}". Known: ${Object.keys(TEMPLATES).join(", ")}`
142
+ );
143
+ process.exitCode = 1;
144
+ return;
145
+ }
146
+ console.log(`\u25B8 template: ${name} \u2014 ${tpl.description}`);
147
+ for (const [rel, contents] of Object.entries(tpl.files)) {
148
+ writeIfMissing(join(cwd, rel), contents, opts.force);
149
+ }
150
+ }
77
151
  if (opts.from) {
78
152
  await seedFromRepo(opts.from, cwd, opts.force);
79
153
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aarmos/cli",
3
- "version": "0.2.1",
3
+ "version": "0.2.2",
4
4
  "description": "Aarmos CLI — run any agent locally, across any protocol (MCP, OpenAPI, deep-link), with a signed AVAR receipt on every execution. Sovereign runtime, universal tool gateway, verifiable governance.",
5
5
  "keywords": [
6
6
  "aarmos",